Install this Windows Server patch fast, a warning to Azure administrators and more.
Welcome to Cyber Security Today. It’s Wednesday, April 12th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Windows administrators are being urged to quickly install fixes released yesterday on Patch Tuesday. One fixes a zero-day vulnerability in the Windows Common Log File System driver which is already being exploited by threat actors. Another patch applies to environments that have enabled the Microsoft Message Queuing service; if that service is enabled in your environment, act on it. Of all the Windows patches released yesterday, seven are rated critical.
Also released yesterday were patches from Adobe for issues in Acrobat, Acrobat Reader, Digital Editions, InCopy and other products.
And SAP released 24 new and updated patches, including five HotNews Notes and one High Priority Note.
An Israeli company’s spyware is allegedly being used by customers to target Apple devices used by certain reporters, political opposition figures and others in a number of countries. That’s the conclusion of reports by Microsoft and the University of Toronto’s Citizen Lab into a company called QuaDream. QuaDream sells hacking tools to governments and law enforcement agencies. One tool is believed to be a zero-click exploit for Apple’s iOS operating system. What’s worrisome is the exploit appears to use an invisible iCloud calendar invitation to compromise devices. The company is similar to the much better known Israeli firm NSO Group, whose spyware is called Pegasus. QuaDream’s spyware is called Reign. Last month the U.S., Canada and other countries vowed to take action against commercial spyware companies.
Here’s a bit of good news: More organizations understand the importance of having a zero trust network access strategy. According to the latest annual report by an American marketing and consulting company called CyberEdge, almost four in five organizations it surveyed around the world said they are using or implementing zero trust principles. We don’t know if they’re doing it right, but at least organizations are getting the message.
And now the bad news: The survey showed if you’re going to be hit by ransomware the odds are the attack will involve more than just scrambling your data. Only 21 per cent of ransomware attacks last year involved encryption alone. A second threat — like data theft or a denial of service attack — involved just over 41 per cent of victims, while 30 per cent were hit by three threats.
Attention Microsoft Azure storage administrators: Be careful when creating storage accounts. Researchers at Orca Security found a design flaw in the way shared key authorization to storage operates in Azure. Microsoft recommends disabling shared key access for Azure storage accounts. Instead, authentication should only be allowed through Azure Active Directory. However, the researchers found that shared key authorization is enabled by default when new storage accounts are created. If access to those keys isn’t blocked, access tokens can be stolen by a hacker. Microsoft says this isn’t a vulnerability but a deliberate design choice. However, it is planning an update to Azure to address this flaw. Until then, Azure administrators should make sure Azure Shared Key authorization is disabled.
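One way to act on that advice across a subscription, as an added example that is not from the podcast or from Orca or Microsoft: run `az storage account list -o json`, feed the output to the audit below, and it lists every account still accepting Shared Key authorization and emits the Azure CLI command that turns it off. The sample JSON is constructed; the account and resource group names are placeholders.

```python
"""Audit Azure storage accounts for Shared Key authorization (added example)."""
import json

# Constructed sample of `az storage account list -o json` output, trimmed to the
# fields this audit needs. allowSharedKeyAccess is null when it has never been
# set, and Azure treats that as enabled: the default the researchers flagged.
SAMPLE_ACCOUNTS_JSON = """
[
  {"name": "stlegacy01", "resourceGroup": "rg-app", "allowSharedKeyAccess": null},
  {"name": "stdata02", "resourceGroup": "rg-app", "allowSharedKeyAccess": true},
  {"name": "sthardened03", "resourceGroup": "rg-sec", "allowSharedKeyAccess": false}
]
"""


def shared_key_enabled(account):
    """True when Shared Key auth is on, whether explicitly or by default (null)."""
    value = account.get("allowSharedKeyAccess")
    return value is None or value is True


def find_exposed_accounts(accounts_json):
    """Return (name, resourceGroup) for every account still accepting Shared Key auth."""
    accounts = json.loads(accounts_json)
    return [(a["name"], a["resourceGroup"]) for a in accounts if shared_key_enabled(a)]


def remediation_commands(accounts_json):
    """Azure CLI commands that disable Shared Key auth on each exposed account,
    leaving only Azure Active Directory authentication (Microsoft's recommendation)."""
    return [
        f"az storage account update --name {name} --resource-group {rg} "
        f"--allow-shared-key-access false"
        for name, rg in find_exposed_accounts(accounts_json)
    ]


if __name__ == "__main__":
    for cmd in remediation_commands(SAMPLE_ACCOUNTS_JSON):
        print(cmd)
```

Inventory clients before running the generated commands: once Shared Key access is disabled, anything authenticating with the account key or with an account or service SAS token stops working, so those clients must move to Azure AD first.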
The app categories crooks most often use for hiding malware are cryptocurrency trackers, fake financial apps, fake QR code scanners and dating apps. That’s according to researchers at Kaspersky. They looked at bad Android apps offered on the Google Play store in the past three years. Google, the report notes, polices the Play store, but sometimes threat actors manage to upload malicious apps into the store anyway. The report looks at the tools, like installers and loaders, that crooks are selling to malicious app developers so their code can get by Google’s defences and execute on victims’ smartphones. Your best defence is avoiding installing an app unless you’re sure from consulting reviews and friends that it’s safe, and keeping your Android phone’s security patches up to date. Remember, if your phone stops accepting updates, it’s a sign it is no longer supported by your carrier. Time to consider buying a new phone.
In January I reported that Yum! Brands, the company that operates KFC, Pizza Hut, and Taco Bell fast food chains in 155 countries, said it had to close around 300 restaurants in the U.K. for a day after a ransomware attack and data theft. Last week it began sending out data breach notices to Americans that their data was involved. The letter was part of a notice posted on the site of the Maine attorney general. Most of these notices list how many people across the U.S. were victimized. The Yum! Brands notice says that number is “TBD”, or to be determined.
Finally, an update to Apple patching news I told you about on Monday. Emergency security updates are now available for older iPhones and iPads to close two zero-day vulnerabilities. Covered now are all models back to the iPhone 6, the iPhone SE, certain iPad and iPod Touch models and some older versions of macOS.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.